KR20160033518A - Method for authenticating using biometric information on mobile device - Google Patents

Info

Publication number
KR20160033518A
Authority
KR
South Korea
Prior art keywords
biometric
mobile terminal
reference template
screen
information
Application number
KR1020140124531A
Other languages
Korean (ko)
Inventor
김재성
김낙현
Original Assignee
한국인터넷진흥원
Application filed by 한국인터넷진흥원
Priority to KR1020140124531A
Publication of KR20160033518A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina

Abstract

Disclosed is an authentication method using biometric information, comprising: a mobile terminal receiving a user's biometric reference template input through a biometric sensor; the mobile terminal transmitting the received biometric reference template and terminal information of the mobile terminal to an inquiry server; the mobile terminal receiving and encrypting the user's biometric sample data input through the biometric sensor; and the mobile terminal receiving the biometric reference template, encrypted by the inquiry server, and comparing it with the encrypted biometric sample data. The present invention provides an authentication method using biometric information with enhanced security.

Description

METHOD FOR AUTHENTICATING USING BIOMETRIC INFORMATION ON MOBILE DEVICE

An embodiment according to the concept of the present invention relates to an authentication method using biometric information in a mobile device, and in particular to an authentication method in which the biometric reference template serving as the basis for authentication is managed in an encrypted state in an inquiry server, and the biometric sample data input for authentication is managed in an encrypted state in a mobile terminal.

Biometric information, which has a unique value for each individual, is widely used in authentication. Among biometric information, fingerprint information in particular is widely used for authentication because it is easy to recognize.

In recent years, biometric sensing that uses hardware built into a mobile terminal, such as a camera and a microphone, has also come to be used in applications.

As biometric information is used more widely, a high level of security is required in the process.

The technical problem to be solved by the present invention is to provide an authentication method using biometric information with improved security, in which the biometric reference template serving as the authentication reference is managed in an encrypted state in an inquiry server and the biometric sample data is managed in an encrypted state in the mobile terminal.

According to an embodiment of the present invention, there is provided an authentication method using biometric information, comprising: a mobile terminal receiving a biometric reference template of a user input through a biometric sensor; the mobile terminal transmitting the received biometric reference template and terminal information of the mobile terminal to an inquiry server; the mobile terminal receiving and encrypting biometric sample data of the user input through the biometric sensor; and the mobile terminal receiving the biometric reference template encrypted by the inquiry server and comparing it with the encrypted biometric sample data.

The method may further include, before the step of receiving the biometric reference template, transmitting the encryption key generated based on the unique information of the mobile terminal to the inquiry server.

According to an embodiment, the biometric reference template and the biometric sample data may be encrypted based on the encryption key.

According to an embodiment, the unique information of the mobile terminal may include at least one of an International Mobile Subscriber Identity (IMSI) and an International Mobile Equipment Identity (IMEI) of the mobile terminal.

The method may further include deleting the encrypted biometric reference template and the encrypted biometric sample data after the comparing step.

The method according to the embodiment of the present invention is effective for preventing leakage of the biometric reference template by managing the biometric reference template in the highly secure inquiry server.

In addition, because the biometric reference template and the biometric sample data are stored encrypted with an encryption key generated from unique information of the mobile terminal, they cannot be read even if they are extracted through another device.

Also, the biometric reference template and the biometric sample data stored in the mobile terminal during the authentication process are deleted after authentication, which prevents them from leaking through the mobile terminal.

In order to more fully understand the drawings recited in the detailed description of the present invention, a description of each drawing is provided.
FIG. 1 is a block diagram of an authentication system using biometric information according to an embodiment of the present invention.
FIG. 2 is a data flow of an authentication method using biometric information according to an embodiment of the present invention.
FIG. 3 is a view illustrating an operation of an application according to an exemplary embodiment of the present invention.
FIG. 4 is a view showing an operation of an application according to another embodiment installed in the mobile terminal of the present invention.
FIG. 5 is a view illustrating an operation of an application according to another embodiment installed in the mobile terminal of the present invention.

It is to be understood that the specific structural or functional description of embodiments of the present invention disclosed herein is for illustrative purposes only; embodiments according to the inventive concept may be embodied in many different forms and are not limited to the embodiments set forth herein.

The embodiments according to the concept of the present invention can make various changes and can take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that it is not intended to limit the embodiments according to the concepts of the present invention to the particular forms disclosed, but includes all modifications, equivalents, or alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only to distinguish one element from another; for example, without departing from the scope of rights according to the concept of the present invention, a first element may be referred to as a second element, and similarly a second element may be referred to as a first element.

It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, or other elements may be present in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "directly between" or "neighboring to" and "directly adjacent to", should be interpreted in the same way.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like are used to specify that there are features, numbers, steps, operations, elements, parts or combinations thereof described herein, but do not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an idealized or overly formal sense.

In the present specification, the term "biometric reference template" may broadly refer to biometric information serving as a basis for comparison during authentication, and may refer to data sensed by a biometric sensor or bio information extracted from the data for authentication.

As used herein, the term "biometric sample data" may broadly refer to biometric information input for authentication, and may refer to data sensed by a biometric sensor or bio information extracted from the data for authentication.

FIG. 1 is a block diagram of an authentication system using biometric information according to an embodiment of the present invention.

Referring to FIG. 1, the authentication system 10 may include a biometric sensor 100, a mobile terminal 200, and an inquiry server 300.

The biometric sensor 100 may capture user biometric information from a user. According to an embodiment, the bio information may include various types of information such as a fingerprint, a blood vessel pattern of a hand, a shape of a hand, a face feature, a fingerprint pattern, a feature point of a fingerprint, or an eyeball shape.

The biometric sensor 100 may be implemented as a device separate from the mobile terminal 200 so that the bio information of the user cannot be forged.

The mobile terminal 200 can perform authentication according to the result of the comparison between the biometric sample data input for authentication and the biometric reference template serving as the authentication reference. The authentication process will be described in detail with reference to FIG.

The inquiry server 300 can manage the biometric reference template in an encrypted state.

The biometric sensor 100 and the mobile terminal 200 can transmit and receive data through wired and wireless communication.

The mobile terminal 200 and the inquiry server 300 can transmit and receive data through wireless communication.

FIG. 2 is a data flow of an authentication method using biometric information according to an embodiment of the present invention.

Referring to FIG. 2, the mobile terminal 200 generates and stores an encryption key using unique information of the mobile terminal 200, and transmits the generated encryption key to the inquiry server 300 (S5). The inquiry server 300 may store the encryption key transmitted from the mobile terminal 200 (S5).

The unique information of the mobile terminal 200 may include at least one of an International Mobile Subscriber Identity (IMSI) of the mobile terminal 200 and an International Mobile Equipment Identity (IMEI).

According to another embodiment, the encryption key may be generated by a symmetric key method or an asymmetric key method and stored in the mobile terminal 200 and the inquiry server 300.

The mobile terminal 200 may request the biometric sensor 100 to input a biometric reference template (S10).

The biometric sensor 100 may capture the biometric reference template input from the user (S12). The biometric sensor 100 may transmit the captured biometric reference template to the mobile terminal 200 (S14).

The mobile terminal 200 can transmit the terminal information of the mobile terminal 200 and the biometric reference template received from the biometric sensor 100 to the inquiry server 300 (S16).

The terminal information of the mobile terminal 200 may include at least one of an International Mobile Subscriber Identity (IMSI) of the mobile terminal 200 and an International Mobile Equipment Identity (IMEI).

The inquiry server 300 can encrypt the biometric reference template transmitted from the mobile terminal 200 using the stored encryption key (S18).

The inquiry server 300 can register the encrypted biometric reference template by mapping the received terminal information in step S16 (S20).

When the mobile terminal 200 requires authentication, the mobile terminal 200 may request the biometric sensor 100 to input biometric sample data (S22).

According to an embodiment, the mobile terminal 200 may perform step S22 in response to a request of an application executed in the mobile terminal 200.

The biometric sensor 100 may capture the biometric sample data input from the user (S24).

The biometric sensor 100 may transmit the captured biometric sample data to the mobile terminal 200 (S26).

The mobile terminal 200 can encrypt the received biometric sample data with the stored encryption key (S28). The mobile terminal 200 may store the encrypted biometric sample data in a memory (S30).

The mobile terminal 200 can request the biometric reference template from the inquiry server 300 (S32). According to the embodiment, the mobile terminal 200 may transmit the terminal information of the mobile terminal 200 to the inquiry server 300 in step S32. That is, the terminal information of the mobile terminal 200 may be included in the request of the mobile terminal 200.

In response to a request from the mobile terminal 200, the inquiry server 300 may search for a biometric reference template corresponding to the received terminal information (S34).

The inquiry server 300 may transmit the retrieved biometric reference template in an encrypted state to the mobile terminal 200 (S36).

The mobile terminal 200 may perform the authentication process by comparing the encrypted biometric sample data stored in the memory with the encrypted biometric reference template received from the inquiry server 300 (S38).

According to an embodiment, the mobile terminal 200 may decrypt the encrypted biometric sample data using the encryption key, decrypt the encrypted biometric reference template using the encryption key, and compare the decrypted biometric sample data and the decrypted biometric reference template with each other.

When the authentication process of step S38 is completed, the mobile terminal 200 may delete the biometric sample data stored in the memory and the biometric reference template (S40).
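The FIG. 2 flow (S5 to S40) as an added example, not code from the patent: the HMAC-based stand-in cipher, the PBKDF2 key derivation, the Hamming-distance matcher and its threshold, the class names, and the sample identifiers and feature vectors are all assumptions. It shows why the comparison in S38 has to run on decrypted data, since two captures of the same finger never encrypt to the same bytes, and that the terminal's copies are deleted in S40 whatever the outcome.

```python
import hashlib
import hmac
import secrets

def derive_key(imsi, imei):
    """S5: key from the terminal's unique information (KDF and salt are assumptions)."""
    # IMSI/IMEI are identifiers rather than secrets, and S16 sends them as terminal
    # information, so a deployment would also mix in a device-held random secret.
    return hashlib.pbkdf2_hmac("sha256", f"{imsi}|{imei}".encode(), b"bio-demo", 100_000)

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Stand-in authenticated cipher built from HMAC-SHA256; the patent names no algorithm."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    return _xor_stream(enc_key, body[:16], body[16:])

def hamming(a, b):
    """Bit distance between two equal-length feature vectors (assumed matcher)."""
    if len(a) != len(b):
        raise ValueError("feature vectors differ in length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

class InquiryServer:
    def __init__(self):
        self.keys, self.templates = {}, {}
    def store_key(self, terminal_info, key):          # S5
        self.keys[terminal_info] = key
    def register(self, terminal_info, template):      # S16-S20
        self.templates[terminal_info] = seal(self.keys[terminal_info], template)
    def fetch(self, terminal_info):                   # S32-S36
        return self.templates[terminal_info]

class MobileTerminal:
    def __init__(self, imsi, imei, server):
        self.info, self.key, self.server = f"{imsi}|{imei}", derive_key(imsi, imei), server
        self.memory = {}
        server.store_key(self.info, self.key)         # S5
    def enroll(self, template):                       # S10-S16
        self.server.register(self.info, template)
    def authenticate(self, sample, max_distance=8):
        self.memory["sample"] = seal(self.key, sample)            # S28-S30
        self.memory["template"] = self.server.fetch(self.info)    # S32-S36
        try:
            # S38 read literally: fresh nonces make the two ciphertexts differ
            # even for identical plaintext, so byte equality cannot authenticate.
            equal = self.memory["sample"] == self.memory["template"]
            distance = hamming(unseal(self.key, self.memory["sample"]),
                               unseal(self.key, self.memory["template"]))
            return {"ciphertext_equal": equal, "distance": distance,
                    "accepted": distance <= max_distance}
        finally:
            self.memory.clear()                       # S40, also on failure

# Constructed sample data: a 32-byte feature vector, a noisy genuine capture
# (3 bits flipped) and an impostor capture (every bit flipped).
TEMPLATE = bytes(range(32))
GENUINE = bytes(b ^ 1 if i in (0, 5, 9) else b for i, b in enumerate(TEMPLATE))
IMPOSTOR = bytes(b ^ 0xFF for b in TEMPLATE)

def run_demo():
    server = InquiryServer()
    terminal = MobileTerminal("001010123456789", "490154203237518", server)
    terminal.enroll(TEMPLATE)
    results = {name: terminal.authenticate(sample)
               for name, sample in (("same", TEMPLATE), ("genuine", GENUINE), ("impostor", IMPOSTOR))}
    return results, terminal, server

if __name__ == "__main__":
    for name, outcome in run_demo()[0].items():
        print(name, outcome)
```
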

FIG. 3 is a view illustrating an operation of an application according to an exemplary embodiment of the present invention.

Although FIGS. 3 to 5 illustrate the case where fingerprint information is used as the biometric reference template and the biometric sample data, the scope of rights of the present invention is not limited thereto.

FIG. 3A shows an initial screen of the bio-authentication center application. The initial screen includes a bio certificate issuance item and a bio certificate inquiry item. If the bio certificate issuance item is selected, the screen moves to the bio certificate issuance screen. If the bio certificate inquiry item is selected, the screen moves to the bio certificate inquiry screen.

FIG. 3B shows a bio certificate issuance screen. The bio certificate issuance screen includes a fingerprint registration item. When the fingerprint registration item is selected, the bio certificate issuance screen is moved to the fingerprint authentication screen for the bio certificate issuance process.

FIG. 3C shows a bio-certificate inquiry screen. The bio-certificate inquiry screen includes a fingerprint authentication item. When the fingerprint authentication item is selected, the screen moves to the fingerprint authentication screen for the biometric certificate inquiry process.

FIG. 3D shows a bio certificate result screen. According to FIG. 3D, the bio certificate result screen displays various results, such as failure to issue a bio certificate, issuance of a bio certificate, a bio certificate already being registered, and absence of a bio certificate.

FIG. 3E shows a fingerprint authentication screen. The fingerprint authentication process proceeds as follows.

1. Input user's fingerprint data.

2. Pass the input fingerprint data to the applet mounted on the mobile terminal.

3. The applet registers the fingerprint data in the inquiry server or performs matching such as authentication, according to the user's request, and returns the result.

4. The applet deletes the fingerprint data stored in the mobile terminal.

5. Present the result of the operation to the user.

FIG. 4 is a view showing an operation of an application according to another embodiment installed in the mobile terminal of the present invention.

FIG. 4A shows an initial screen of a mobile terminal in which a bank-related application is installed. According to FIG. 4A, the initial screen includes items such as account transfer, deposit inquiry, loan, and bio-authentication center. For example, when the account transfer item is selected, the screen moves to the deposit / withdrawal account information input screen, and when the bio-authentication center item is selected, the bio-authentication center program of FIG. 3 is executed.

FIG. 4B shows a deposit and withdrawal account information input screen. This screen is used to input the deposit and withdrawal account information for the account transfer, and moves to the account transfer information confirmation screen when the confirmation button is selected.

FIG. 4C shows the account transfer information confirmation screen. This screen is used to re-check the account transfer information that was entered, and when the next item is selected, the screen moves to the security card input screen.

FIG. 4D shows a security card input screen. After the relevant information is entered on the security card input screen, selecting the next item moves to the account transfer screen.

FIG. 4E shows an account transfer screen. The account transfer screen is the screen on which the account transfer information is finally confirmed and fingerprint authentication is performed. When the fingerprint authentication item is selected, the fingerprint authentication screen of the bio-authentication center program of FIG. 3E is displayed.

FIG. 4F shows an account transfer result screen. The account transfer result screen is a screen showing that the biometric authentication transfer has been successfully completed.

FIG. 5 is a view illustrating an operation of an application according to another embodiment installed in the mobile terminal of the present invention.

FIG. 5A shows a home screen of a shopping mall.

FIG. 5B shows a product selection screen of the connected shopping mall. If any one of the displayed products is selected, the screen moves to the product purchase screen.

FIG. 5C shows a product purchase screen. If the purchase item for the selected product is selected on the product purchase screen, the screen moves to the product order / payment screen.

FIG. 5D shows a product order / payment screen. The product order / payment screen is a screen for inputting shipping information and payment information for the product, and when the payment item is selected, the screen moves to the real-time account transfer screen.

FIG. 5E shows a real-time account transfer screen. The real-time account transfer screen is a screen for confirming the information for purchasing the product and confirming the final purchase. When the confirmation item is selected, the screen moves to the fingerprint authentication screen of the bio-authentication center program shown in FIG. 3E.

FIG. 5F shows a payment completion screen. The payment completion screen is a screen showing that payment for the product purchase using biometric authentication has been successfully completed.

As described above, the present invention proposes various methods for performing financial transactions and electronic commerce using an authentication method using biometric information.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: Authentication system
100: biometric sensor
200: mobile terminal
300: inquiry server

Claims (5)

1. A method, comprising: receiving a user's biometric reference template entered via a biometric sensor;
transmitting the received biometric reference template and terminal information of the mobile terminal to the inquiry server;
receiving and encrypting biometric sample data of the user input through the biometric sensor; and
the mobile terminal receiving the biometric reference template encrypted by the inquiry server and comparing the biometric reference template with the encrypted biometric sample data.
2. The method according to claim 1, further comprising, prior to receiving the biometric reference template, the mobile terminal transmitting an encryption key generated based on the unique information of the mobile terminal to the inquiry server.
3. The method of claim 2, wherein the biometric reference template and the biometric sample data are encrypted based on the encryption key.
4. The method of claim 3, wherein the unique information of the mobile terminal comprises at least one of an International Mobile Subscriber Identity (IMSI) of the mobile terminal and an International Mobile Equipment Identity (IMEI) of the mobile terminal.
5. The method of claim 1, further comprising deleting the encrypted biometric reference template and the encrypted biometric sample data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020140124531A KR20160033518A (en) 2014-09-18 2014-09-18 Method for authenticating using biometric information on mobile device

Publications (1)

Publication Number Publication Date
KR20160033518A (en) 2016-03-28

Family

ID=57007657

Country Status (1)

Country Link
KR (1) KR20160033518A (en)

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination